How to auto renew certs that have created with domain control validation

Rajesh · June 27, 2018, 7:08am

Hi,

I created a certificate using ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges http -d domain.myname

It needs a domain control verification as mentioned preferred challenge as HTTP. How can I automate the renewal process using auto-renew where it needs a domain validation every time. (first I don’t know it does the domain validation each time when renewing or not)

My domain is: domain.myname

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

danb35 · June 27, 2018, 8:03am

You don't use the --manual command, but rather one that will automate the process like --webroot. But since you've told us nothing about your environment (all those questions that you didn't answer), it's pretty hard to give any more specific suggestions.

Rajesh · June 27, 2018, 8:53am

Ohh sorry…here about my env.

My web server is (include version): Apache/2.2.15 (Unix)
The operating system my web server runs on is (include version): CentOS release 6.9 (Final)
I can login to a root shell on my machine (yes or no, or I don’t know): yes

Rajesh · June 27, 2018, 9:31am

I looked at webroot plugin. It works good when you have less domains as webroot can modify only on local server. But I have many domains and it’s hard to configure certbot on every local server. Is there any other way to do this renewals from the remote host by configuring cron job?

Thanks
Rajesh

_az · June 27, 2018, 9:37am

Well, usually you do want to configure Certbot on every server locally, because the certificate then also has to be installed locally.

GitHub - srvrco/getssl: obtain free SSL certificates from letsencrypt ACME server Suitable for automating the process on remote servers. is one such project that is focused on the use case of both performing validation (e.g. copying files to webroots) and installation from a remote/central host, but it is generally much less friendly than just using a local ACME client.

You can stick to Certbot and use manual auth hooks and deploy hooks to perform all of the remote actions, but in that case, getssl may just be a better choice!

Rajesh · July 18, 2018, 11:26am

I fixed this issue by using --manual-auth-hook and --manual-cleanup-hook.

I have written two scripts - one is for the HTTP authentication - it copies the HTTP validation file on to remote host apache root server dir. and completes the authentication. Another one cleanup the files that created part of authentication.
I installed certbot on the local server and mentioned the remote hostname and server root directory. Here is the command I ran to do the HTTP validation remotely.

./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --email email@myemail.com --manual-public-ip-logging-ok --agree-tos --renew-by-default --preferred-challenges=http --manual-auth-hook _authentication-script-path_ --manual-cleanup-hook _cleanup-script-path_ -d domainname

Thanks for the responses.

–
Rajesh

Rajesh · July 19, 2018, 3:56am

Hi all,

I have one more query. Right now I have created the SSL certs with HTTP validation. Going forward when I renewing the certs, it is required to do the domain validation again?

–
Rajesh

_az · July 19, 2018, 4:02am

Yes - when Certbot goes to renew, it will call your auth hooks automatically to perform domain validation again.

system · August 18, 2018, 4:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.